turbot/tailpipe-mod-nginx-access-log-detections

Benchmark: TA0007 Discovery

Overview

The adversary is trying to figure out your environment.

Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.

Usage

Install the mod:

mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/tailpipe-mod-nginx-access-log-detections

Start the Powerpipe server:

powerpipe server

Open http://localhost:9033 in your browser and select TA0007 Discovery.

Run this benchmark in your terminal:

powerpipe benchmark run nginx_access_log_detections.benchmark.mitre_attack_v161_ta0007

Snapshot and share results via Turbot Pipes:

powerpipe benchmark run nginx_access_log_detections.benchmark.mitre_attack_v161_ta0007 --share
